
Why you should never, ever pay a ransom...

As ransomware proliferates, only true joined-up global cyber policing will help reduce its spread. But stamping out crime starts by withholding the ransom. Here’s why…

At its heart, ransomware shares its approach with old-fashioned blackmail or economic terrorism – except it’s deployed under the protective cloak of cyberspace. In many cases, this guise is nearly impermeable and prevents effective detection and prosecution of criminals.  

Today’s ransomware can extract financial gains but, even more worryingly, bad actors are able to destabilise societies through cyber espionage and asymmetric warfare.

World’s biggest threat…
According to the United Kingdom’s Government Communications Headquarters, ransomware is the “biggest threat to online security for most people”. Such techniques are also being leveraged as a new form of political terrorism that attacks a state’s economy rather than its people or physical infrastructure.  

The rise of this type of criminality (whether by private or state actors) is linked to the availability of increasingly sophisticated technology, as well as expanding skill sets and resources.  

The appeal of ransomware is easy to understand – it is a relatively risk-free way of extracting money, establishing political or personal leverage, destabilising organisations, and obtaining confidential information on third parties.

Paying a ransom is counterproductive
At present, most private bodies are managing the ransomware threat by simply paying the sum demanded to regain access to their systems. The overriding concern is to resume business activities as quickly as possible. That approach, however practical it seems in the short term, will prove misguided and flawed in the long term, since blackmailers aim to extract as much money or information as possible. Payment also buys no guarantee: a decryption key may never arrive or may not work, and any data already stolen can still be leaked or sold. Far from solving the issue, acquiescing to such demands only serves to encourage future ransomware attacks.

Traditional law enforcers must tackle ransomware
Simply transferring the demanded funds is not a sustainable solution and won’t be tolerated for long by an insurance industry under increasing pressure to stem losses.

Greater resources – and trust – must be placed in traditional law enforcement agencies to investigate these crimes and increased awareness must be fostered through education, training, and the use of suitable technologies to secure accounts.  

State actors initially viewed ransomware as a commercial matter or ‘risk issue’ to be managed by organisations such as banks, financial institutions, and corporate bodies. It was up to those organisations to decide how they dealt with the issue. But recently there has been a growing and welcome appreciation of the risks posed by ransomware to governments and security agencies.  

Governments are increasingly keen to deploy a more proactive approach to combating this threat: through economic sanctions; the deployment of cyber self-defence measures; or pre-emptive cyber attacks on rogue states operating in this field.

National security bodies are now taking the lead against ransomware, and the deployment of traditional law enforcement agencies has become secondary to the process.   

While this approach should be welcomed, deploying covert cyber self-defence measures raises concerns about the rule of law and how it should operate on a supra-national level when combating cybercrime activity.

The ‘Wild West’ approach is powerless
We must guard against the principle of “for the greater good” being the driving force, or justification for state activity in this field, as it inevitably weakens the rights and freedoms of individuals – and those of less developed nation states.  

It is essential to create a system that allows for the rule of law and due process to be applied between states and their citizens. This type of approach ensures that ransomware and other forms of cyber terrorism are governed by international norms.  

The ‘Wild West’ approach, which has previously infected so much of the internet and the social media world, cannot be allowed to repeat itself in this area of the cyber world. The potential cost to the real world is simply too big.

This article was co-authored by Ian Whitehurst at Exchange Chambers; Mark Potkewitz, Professor at Brooklyn Law School Justice Lab; Steven Furnell, professor of cybersecurity, University of Nottingham, Nottingham, UK; and Adam Butschek.  

Want to know more? Watch this free video from our partner CIISec – 
Masterclass: Ransomware and Economic Terrorism
